A caution about Amazon shopping - Page 6

BearMountainBooks · 05-08-2012, 01:35 PM

I recently had to get a new card because the database was breached at the card issuer's servers (so for example, it could have been breached at Discover Card, Visa or Mastercard.) I have and continue to use the new card issued--I've had a card there for many, many years. Some young folks might say eons.

There was a news article on the breaches for both Discover and...I think Visa databases. That is another "hole" where your card info could have been stolen.

It also could have been stolen if Amazon's servers were breached. Various retailers have been having problems with this for quite a while. No one is immune really. All of us have to watch the charges on our cards and our statements.

My mother had a waiter add and "2" to the front of a tip. The tip was supposed to be 4 dollars and suddenly it went to 24 plus the bill. She caught it on the statement.

If you like the service, get a new card and continue to monitor things. If you don't like the way it was handled or don't want to deal with the very real reality of stolen data, go to cash whenever possible or always.

Yeah. It's a pain in the rear.

bookwurm70 · 05-09-2012, 09:56 AM

The other thing that happens often is Amazon phishing. I've noticed my email account has had an Amazon phishing email almost every day for a week. It's been awhile since this has happened, but it would be another way they could get your account information.

The email comes from "orders-amazon" and says your order has been cancelled. I've never clicked on their link, but I'm guessing it would take you to a fake Amazon login page to get your login and password and then they could use the credit card attached.

Morpheus Phreak · 05-09-2012, 06:30 PM

So just as a point of information.

CC info stored internally at Amazon is encrypted and not stored in plain-text.

Anyone wanting to decrypt the data would require the encryption key OR several years to crack it.

Customer service agents DO NOT have access to the full card number in their systems.

So a CS agent stealing it is not possible, and even if data were stolen from Amazons servers it would be useless without the key or years of computing time.

In essence, it's possible but HIGHLY unlikely that it occurred at Amazon.

It's much more likely to have occurred via another method...and since it was used at a physical store location it required that a physical card be made.

In all honesty it sounds like someone that works for the CC company made a duplicate of your card, or someone that knew enough about you requested a replacement be sent to their address.

I worked in a fairly high-profile job at one of the biggest software companies on the planet...thus I've been a target for this type of behavior. Trust me odds are they got it from some source outside Amazon.

kennyc · 05-10-2012, 07:36 AM

Quote:

Originally Posted by Morpheus Phreak

So just as a point of information.

CC info stored internally at Amazon is encrypted and not stored in plain-text.

Anyone wanting to decrypt the data would require the encryption key OR several years to crack it.

Customer service agents DO NOT have access to the full card number in their systems.

So a CS agent stealing it is not possible, and even if data were stolen from Amazons servers it would be useless without the key or years of computing time.

In essence, it's possible but HIGHLY unlikely that it occurred at Amazon.

It's much more likely to have occurred via another method...and since it was used at a physical store location it required that a physical card be made.

In all honesty it sounds like someone that works for the CC company made a duplicate of your card, or someone that knew enough about you requested a replacement be sent to their address.

I worked in a fairly high-profile job at one of the biggest software companies on the planet...thus I've been a target for this type of behavior. Trust me odds are they got it from some source outside Amazon.

Exactly. Thanks.

basschick · 05-10-2012, 07:41 AM

you know, just 'cause your card was only recently used doesn't mean that someone didn't have the number for a while. a friend of mine had a card number stolen, only the folks that used the card waited for months to use it so it wouldn't look like they did it.

also it's pretty common that a particular spyware can only be caught by 1 or 2 antivirus/antimaleware programs - the rest just don't seem to see it. some very well known antiviruses seem to be the least likely to catch them, too.

GreenMonkey · 05-10-2012, 10:03 AM

Quote:

Originally Posted by Morpheus Phreak

So just as a point of information.

CC info stored internally at Amazon is encrypted and not stored in plain-text.

Anyone wanting to decrypt the data would require the encryption key OR several years to crack it.

Customer service agents DO NOT have access to the full card number in their systems.

So a CS agent stealing it is not possible, and even if data were stolen from Amazons servers it would be useless without the key or years of computing time.

In essence, it's possible but HIGHLY unlikely that it occurred at Amazon.

Exactly. This data is stored encrypted and not easily accessible at any non-fly-by-night company. It's not as easy as *random CSR grabs the credit card number*.

There's a lot of ways easier to get the data. Like someone mentioned previously about the breaches at the credit card processor companies.

05-09-2012, 09:56 AM	#77
bookwurm70 Addict Posts: 265 Karma: 89314 Join Date: Nov 2009 Location: Southern Illinois Device: eSlick, Pocketbook IQ, iPad, Kobo Aura, Kobo Aura ONE	Amazon phishing The other thing that happens often is Amazon phishing. I've noticed my email account has had an Amazon phishing email almost every day for a week. It's been awhile since this has happened, but it would be another way they could get your account information. The email comes from "orders-amazon" and says your order has been cancelled. I've never clicked on their link, but I'm guessing it would take you to a fake Amazon login page to get your login and password and then they could use the credit card attached.

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
Troubleshooting The Kindle Store at Amazon.co.uk does not support shopping from the Touch	route66	Amazon Kindle	10	02-14-2012 03:11 AM
Firmware update/caution	49Kat	Kobo Tablets	12	12-21-2011 12:46 PM
Kindle - 3G only for shopping Amazon?	blue_skies	Amazon Kindle	51	12-21-2011 11:11 AM
Kindle Shopping on Amazon and copyright issues which may result...	DeusExMe	Amazon Kindle	15	07-01-2008 11:25 AM
Caution: MacOSX 10.5 Breaks Acrobat....	grayfox	Reading and Management	1	10-30-2007 09:29 PM

05-08-2012, 01:35 PM	#76
BearMountainBooks Maria Schneider Posts: 3,746 Karma: 26439330 Join Date: Aug 2009 Location: Near Austin, Texas Device: 3g Kindle Keyboard	I recently had to get a new card because the database was breached at the card issuer's servers (so for example, it could have been breached at Discover Card, Visa or Mastercard.) I have and continue to use the new card issued--I've had a card there for many, many years. Some young folks might say eons. There was a news article on the breaches for both Discover and...I think Visa databases. That is another "hole" where your card info could have been stolen. It also could have been stolen if Amazon's servers were breached. Various retailers have been having problems with this for quite a while. No one is immune really. All of us have to watch the charges on our cards and our statements. My mother had a waiter add and "2" to the front of a tip. The tip was supposed to be 4 dollars and suddenly it went to 24 plus the bill. She caught it on the statement. If you like the service, get a new card and continue to monitor things. If you don't like the way it was handled or don't want to deal with the very real reality of stolen data, go to cash whenever possible or always. Yeah. It's a pain in the rear.

05-09-2012, 06:30 PM	#78
Morpheus Phreak Wielder of Hammers Posts: 77 Karma: 26342 Join Date: Jul 2010 Location: Renton, WA Device: Kindle Keyboard & Kindle Fire	So just as a point of information. CC info stored internally at Amazon is encrypted and not stored in plain-text. Anyone wanting to decrypt the data would require the encryption key OR several years to crack it. Customer service agents DO NOT have access to the full card number in their systems. So a CS agent stealing it is not possible, and even if data were stolen from Amazons servers it would be useless without the key or years of computing time. In essence, it's possible but HIGHLY unlikely that it occurred at Amazon. It's much more likely to have occurred via another method...and since it was used at a physical store location it required that a physical card be made. In all honesty it sounds like someone that works for the CC company made a duplicate of your card, or someone that knew enough about you requested a replacement be sent to their address. I worked in a fairly high-profile job at one of the biggest software companies on the planet...thus I've been a target for this type of behavior. Trust me odds are they got it from some source outside Amazon.

05-10-2012, 07:41 AM	#80
basschick Wizard Posts: 1,096 Karma: 4695691 Join Date: May 2008 Device: Kindle Paperwhite	you know, just 'cause your card was only recently used doesn't mean that someone didn't have the number for a while. a friend of mine had a card number stolen, only the folks that used the card waited for months to use it so it wouldn't look like they did it. also it's pretty common that a particular spyware can only be caught by 1 or 2 antivirus/antimaleware programs - the rest just don't seem to see it. some very well known antiviruses seem to be the least likely to catch them, too.

Advert

Advert